Re: Standardizing the way licenses information is shipped in tarballs

From: Simon McVittie <simon mcvittie collabora co uk>
To: desktop-devel-list gnome org
Subject: Re: Standardizing the way licenses information is shipped in tarballs
Date: Tue, 02 Sep 2014 17:38:32 +0100

On 02/09/14 16:15, Pacho Ramos wrote:

We agree that would be really useful to standardize a place where
downstreams can check for the LICENSES of files shipped in tarball to
prevent confusions and to ensure all downstreams have proper licensing
information

What do you think?


My experience in Debian is that central lists of licenses and
(particularly) copyright holders are never, in practice, complete. Even
debian/copyright is rarely 100% accurate, despite our policy that
incomplete info in that file is a release-critical bug (i.e. grounds for
removal from Debian if it is reported and not fixed). So packagers are
likely to have to run licensecheck, or similar, regardless of upstreams'
best intentions.

In typical cases (e.g. LGPL + some BSD/MIT code, GPL + some LGPL code)
there is one main license that it is reasonably safe to assume is "the"
license of the entire package, because none of the minor licenses impose
conditions that the main license does not. That can go in /COPYING or
whatever without causing practical problems.

The problematic case is when there are licenses that impose *more*
conditions than the main license (e.g. GPL + CC-BY-SA - each imposes
some restrictions that the other does not). In these situations I would
usually put the actual licenses in /COPYING.GPL and /COPYING.CC-BY-SA or
something, and have COPYING be a "road map" that says "for /src see
COPYING.GPL, for /doc see COPYING.CC-BY-SA".

The bottom line is that if you want to be sure about the license and
copyright status of a particular piece of code (for instance because you
want to move it into GLib), you need to look at the license headers in
that piece of code, and preferably also its VCS history; trusting the
project containing that code to have an accurate summary in /COPYING is
not necessarily reliable. This is why the FSF and similarly
lawyer-equipped organizations recommend putting the (L)GPL license-grant
boilerplate, or the entire text of a short license like BSD or MIT, in
each individual source file.

    S

References:
- Standardizing the way licenses information is shipped in tarballs
  - From: Pacho Ramos

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]